LockBit 3.0 Ransomware Attack on EPR Groupe

Incident Date:

May 7, 2024

Overview

Title

LockBit 3.0 Ransomware Attack on EPR Groupe

Victim

EPR Groupe

Attacker

Lockbit3

Location

Paris, France

First Reported

May 7, 2024

Ransomware Attack on EPR Groupe by LockBit 3.0

Victim Profile

EPR Groupe, a French company with over 30 years of experience, specializes in providing solutions to protect its clients from physical and technical threats they may face in various sectors, including economic, cultural, and sporting activities. The company's directors have acquired expertise in risk management and work closely with their teams of experts to respond quickly to complex situations, freeing clients from managing potentially hostile environments.

Ransomware Group Profile

The LockBit 3.0 ransomware group is an evolution of the LockBit group, operating under a Ransomware-as-a-Service (RaaS) model. LockBit 3.0, also known as LockBit Black, is a new variant of the ransomware that emerged in 2022. It is considered one of the most dangerous and disruptive ransomware threats currently active.

Ransomware Attack Details

The French company was targeted in a cyberattack by the LockBit 3.0 ransomware group. The ransomware encrypts files, modifies filenames, changes desktop wallpaper, and drops a ransom note on the victim's desktop. LockBit 3.0 is known for its advanced features, including lateral movement through networks, covering its tracks, and being heavily obfuscated to evade analysis.

Company Vulnerabilities

With its focus on providing security solutions to various sectors, EPR Groupe may have been targeted due to the sensitive nature of the information it handles. The company's expertise in risk management and quick response to threats could have made it a valuable target for threat actors seeking to disrupt its operations and extort ransom.

LockBit May Attacks

This incident is part of the May 2024 attacks by LockBit 3.0, a cybercriminal group that resurfaced with vigor following the disruption of its infrastructure during "Operation Cronos," a collaborative effort by international law enforcement agencies. Despite arrests and the dismantling of its data leak site, LockBit swiftly returned, targeting over 50 victims within hours of reactivating its platform, with subsequent attacks adding to the tally. These assaults spanned various sectors and countries, showcasing LockBit's global reach and adaptability.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time tracking of ransomware attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.